CISPA Passes the House. What is CISPA, Anyway?

The controversial Cyber Intelligence Sharing and Protection Act otherwise known as CISPA (HR 3523) passed through the House of Representatives Thursday by a vote of 248 to 168. The bill now moves on to the Senate, where it needs a simple majority to make it to President Obama’s desk to be signed into law. Given that Thursday’s vote in the House went more or less along party lines, with Republicans voting in favor, there’s a very good likelihood that the President would veto the bill should it get through the Senate (which his administration has already threatened to do). But bills get revised all the time, vetoes can be overridden by super-majorities and, well, you just know never know.

Since CISPA at least as a chance at affecting your life in a major way, it’s worth your getting acquainted with the basics of the proposed legislature so you can act out for/against it now. CISPA hasn’t sparked public outrage on the level that SOPA did a few months back, but it does have wide-ranging potential to change the way privacy is handled all over the Net. Here’s the beginning of what you need to know:

The act would permit Internet companies to share confidential customer information with certain parts of the government, including the NSA. While CISPA as it currently stands wouldn’t require companies to turn information over to the government, it’s not without precedent for a Web company to voluntarily turn sensitive customer information – potentially including health records, credit information and the like – over when a federal official asks in just the right tone of voice.

Opponents of CISPA – including the ACLU (American Civil Liberties Union) and EFF (Electronic Frontier Foundation) – fear its wide-reaching potential to eradicate online privacy. Rep. Jared Polis (D-Colorado) said during Thursday’s House debate that CISPA would, “waive every single privacy law ever enacted in the name of cybersecurity. Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on.”

Perhaps the most widely cited portion of the bill – at least by those against it – is this one:

Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes — (i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and (ii) share such cyber threat information with any other entity, including the Federal Government.

Language like “notwithstanding any other provision of law,” has privacy advocates up in arms. One of the fears is that CISPA’s wording is so broad as to allow wide-reaching and potentially abusive interpretations that could destroy individuals’ privacy rights without just cause.

But proponents of the measure – Facebook and Microsoft are among them – cite national security as a blanket reason for increased protection from cyber threats in the form of new legislation. While Obama’s White House is against CISPA in its current form, they have previously indicated an interest in taking further action to protect America from said “cyber threats,” so don’t expect this debate to end anytime soon if the current version of CISPA is, in fact, defeated.

Want to know more? CNET‘s Declan McCullagh posted an in-depth CISPA FAQ that’s well worth a read, as is this ABC News/Yahoo!piece by Rachel Rose Hartman.